with Sohan Maheshwar, Stefano Maestri, Alessio Soldano, Ixchel Ruiz, Soroosh Khodami

Join us for an engaging and practical panel discussion on integrating security into every stage of the software development lifecycle! This session is all about embracing software security as an integral part of the development process, not just a tick-box exercise. Our distinguished panelists come from a diverse range of backgrounds and will share their unique insights, offering valuable takeaways for all attendees.
Why is this important? Today, security vulnerabilities can lurk in every corner, whether it's a missing patch or a misconfigured setting. This panel will explain how to seamlessly incorporate security practices into coding, testing and deployment. These experts will share practical strategies to enhance your software's security posture immediately, equipping you with the tools you need to do so.
Expect lively interaction! We will encourage questions and real-time feedback, making this a collaborative space where ideas flow freely. Whether you want to understand the latest tools, such as Software Bills of Materials (SBOMs), or learn the best ways to prevent vulnerabilities, you will walk away with useful strategies and a clearer path to fortifying your software development process.
Don't miss this chance to improve your development practices and protect your applications. Together, let's make secure software development an objective we can all achieve!

Devoxx

A panel discussion on practical software security strategies for developers, covering the expanding attack surface in the AI era, broken access control as the top OWASP risk, the dangers of blindly trusting AI-generated code, and the importance of threat modeling. Panelists emphasize that AI empowers both attackers and defenders, that exploit timelines have shrunk from weeks to under a day, and that LLMs are non-deterministic and should not be used to make security decisions. Actionable recommendations include: sandboxing development environments, generating and monitoring SBOMs, using industry-standard access control libraries instead of rolling your own, adding security checks to AI prompts and specs, implementing continuous monitoring alongside CI/CD, and consulting resources like OWASP, OSSF, SLSA, and Google's SAIF framework. The EU Cyber Resilience Act's December 2027 SBOM verification deadline is highlighted as a compliance driver.

(Panel) Building Secure Software: Practical Strategies for Developers